Online banking makes organising your finances much more convenient, but can also expose you to major security risks. Keep your net banking experiences stress-free by always following these basic guidelines.
Picture by squeakywheel
As is the case with many Lifehacker 101 posts, much of this stuff might seem obvious or second-nature if you're a seasoned techie, and it's certainly territory we've touched on before. However, even seasoned techies make mistakes, and it's also useful advice to pass on to less savvy friends and relatives.
Make sure your browser and operating system are up-to-date
New security flaws are discovered in browsers and operating systems all the time, but a huge percentage of online criminal activity relies on exploiting vulnerabilities which are well-known, but which haven't been fixed by individual users. If you're not using the most up-to-date version of your preferred browser and operating system, you're dramatically increasing your risk simply by being lazy. Get up to speed with our complete guide to keeping your PC up-to-date.
Type your bank address directly into your browser
One of the most common attacks on banking customers is to direct users to "phishing" sites, which look like a legitimate bank but are actually a copy designed solely to collect user passwords and other details. An important strategy in avoiding such attacks is to make a habit of always visiting your bank site by typing the address directly into your browser. (A more extreme version of the same practice is to use a Linux live CD which you boot into solely for the purposes of banking activity.)
Use a safe and unique password
If your online banking password is your surname, the name of your first pet, the town you grew up in, your maiden name, or any other piece of vaguely obvious personal data, then you're asking for trouble. Even if you're using a combination of letters, numbers and punctuation that doesn't spell anything, you're also asking for trouble if you use the same password for online banking as you do for everything else. Check out our guide to choosing and remembering passwords to come up with a better alternative.
Make use of available security features
Many banks now offer additional security features, such as two-factor authentication which requires you to enter a unique one-time password sent to your mobile phone as well as your regular password whenever you log in. This can seem like an additional hassle, but it means that your account can't be accessed simply by acquiring your main password details.
Don't access Internet banking in public locations
You can secure your own PC, but you have no way of knowing what facilities are available on a machine in an Internet cafe, library or hotel lobby. It's very tempting to check your bank balance while you're travelling, but it's also very risky. The same also applies to basic free Wi-Fi connections on your own PC; the risk factor of using them is too high to be worth serious consideration.
Never respond directly to emails or phone calls
Your bank has not sent you an email asking you to confirm your passwords, or that you planned to spend $400 on adult videos — it's a scam designed to either acquire your data or infect your PC with malware when you click on a link. Delete it. Even if you think the message is genuine, ring your bank (and look up the number independently) to find out the details.
In the same vein, if someone claiming to be your bank rings to discuss your account, say that you can't hand out any details to an unknown caller, then ring back. The call may well be genuine, but how will you know? Any legitimate bank employee won't have a problem with this; if someone argues that you need to talk to them immediately, they're almost certainly a scammer.
Monitor your statements regularly
If you still receive paper statements, check them regularly to make sure there's no unexpected activity. If you've shifted to purely online banking, set aside a regular weekly appointment to check your banking details and make sure nothing's amiss. If you spot anything unfamiliar, contact your bank immediately.
Don't forget to log out when you're finished
Obvious, but still important. Most banking sites will automatically log you out if there's no activity after a fixed period of time, but that still leaves you potentially vulnerable to curious family members.
Got any additional tricks you use to ensure your online banking is safe? Share them in the comments.
Lifehacker 101 is a weekly feature covering fundamental techniques that Lifehacker constantly refers to, explaining them step-by-step. Hey, we were all newbies once, right?